Hacktool.Rootkit [CLOSED]

ShawnC

Posted 22 October 2005 - 03:04 PM

Hi, first time here. I have followed all the other instructions that were listed. I still have problems; if anyone can help me, that would be greatly appreciated. All I need is the direction of what to do. Hopefully I am able to follow them.

tampabelle

Posted 27 October 2005 - 10:38 AM

Hi Shawn,

We are sorry to have missed your topic.

I will help you clean your PC.

Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - XICPJNHKXL. Right click on it and then click on properties. In the Startup Type choose the option Disable. Similarly disable the services -

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, start tapping the F8 key.

Instead of Windows loading as normal, a menu should appear

Select the first option, to run Windows in Safe Mode.

Now run the CleanUp program:

*IMPORTANT NOTE* CleanUp deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp.

Running CleanUp

Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).

When CleanUp starts go to the Options button (right side of CleanUp screen)

Move the arrow down to "Custom CleanUp!"

Now place a checkmark next to the following (Make sure nothing else is checked!):

Delete Cookies
This is optional; if you leave the box checked it will remove all of your cookies. At this point removing cookies is a good idea.

Empty Recycle Bins

Delete Prefetch files

Cleanup! All Users

Click OK

Then click on the CleanUp button. This will take a short while, let it do its thing.

ShawnC

Posted 27 October 2005 - 06:48 PM

Hi tampabelle, thank you for your response. Here are the current logs that you asked for.

Panda: when I did that, this is what I got:

Service Unavailable - DNS failure
The server is temporarily unable to service your request. Please try again later.
Reference #11.2172f9d1.1130460332.8259f5

So I will try later and post that again, but here is the HJT

tampabelle

Posted 29 October 2005 - 02:55 PM

Hi Shawn,

Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - EQKQ. Right click on it and then click on properties. In the Startup Type choose the option Disable. Similarly disable the service -

MR

Close the window.

Run Hijack This and click on scan. The following items need to be fixed -

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".

On the next page, click the "Free Trial" button.

Download it and install it.

When you open the program, it will prompt you to update to the latest definitions.

Please do so, then click "Sweep Now".

Then click the "Start" button.

When it's done scanning, click the "Next" button.

Remove everything it finds, then save the log - copy the log and paste it here for me.

ShawnC

Posted 30 October 2005 - 02:08 PM

Something has happened since I did the last things. I now can't play online poker; it won't connect with the server or something, it just doesn't do anything, and I am unable to get my email unless I start in safe mode with networking. In regular start up I can't retrieve my email, so I am not sure what is happening.

This is the error message I get there

Task 'shawmail - Sending and Receiving' reported error (0x8004210A) : 'The operation timed out waiting for a response from the receiving (POP) server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

tampabelle

Posted 01 November 2005 - 05:06 PM

Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - XICPJNHKXL. Right click on it and then click on properties. In the Startup Type choose the option Disable. Similarly disable the services -
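
The services.msc step from the posts above, done from an elevated PowerShell prompt; this is an added example, not part of the original posts. It records what each named service is (binary path, signature status, current startup type) before disabling it, so the change can be reviewed and undone. It assumes a current Windows system with PowerShell 3 or later; the backup file path and the `$Apply` switch are hypothetical names chosen for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$names  = 'XICPJNHKXL', 'EQKQ'                              # service names quoted in the posts
$backup = Join-Path $env:TEMP 'service-state-before.csv'    # hypothetical backup location
$Apply  = $false                                            # $false = preview only (-WhatIf)

$report = foreach ($name in $names) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Warning "Service '$name' not found on this machine."
        continue
    }

    # PathName may be quoted and may carry arguments; keep only the executable path.
    $exe = $null
    if ($svc.PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($svc.PathName -match '^\s*(\S+)') { $exe = $Matches[1] }

    # An unsigned or missing binary is a reason to look closer, not proof of malware.
    $sig = 'binary missing'
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status
    }

    [pscustomobject]@{
        Name      = $svc.Name
        Display   = $svc.DisplayName
        StartMode = $svc.StartMode      # value to restore if the change is reverted
        State     = $svc.State
        Binary    = $exe
        Signature = $sig
    }
}

# Review the findings and save the pre-change state before touching anything.
$report | Format-List
$report | Export-Csv -Path $backup -NoTypeInformation

foreach ($row in $report) {
    Stop-Service -Name $row.Name -Force -WhatIf:(-not $Apply) -ErrorAction SilentlyContinue
    Set-Service  -Name $row.Name -StartupType Disabled -WhatIf:(-not $Apply)
}
```

Set `$Apply = $true` only after reviewing the report; the saved `StartMode` column is what to restore if the service turns out to belong to legitimate software.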

tampabelle

Posted 04 November 2005 - 09:29 AM

Hi Shawn,

Something is well hidden and is causing the infections to regenerate. Let's dig a little deeper to get the chap.

Run the CleanUp program:

*IMPORTANT NOTE* CleanUp deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp.

Running CleanUp

Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).

When CleanUp starts go to the Options button (right side of CleanUp screen)

Move the arrow down to "Custom CleanUp!"

Now place a checkmark next to the following (Make sure nothing else is checked!):

Delete Cookies
This is optional; if you leave the box checked it will remove all of your cookies. At this point removing cookies is a good idea.

Empty Recycle Bins

Delete Prefetch files

Cleanup! All Users

Click OK

Then click on the CleanUp button. This will take a short while, let it do its thing.

ShawnC

Posted 04 November 2005 - 05:45 PM

Tampabelle, thanks for everything. I found out that the Hacktool in the svkp.sys was from a program I was running for a game and is not a virus. Norton's update picked this up as a virus and sent the warning. I did have problems with receiving email and playing other online games, but now that seems to be fine. I feel bad that it was not a virus after all. I do really appreciate all of your help though.